lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: A.J.Caines at (Andrew J Caines)
Subject: Re: [FD] Super Worm said...
> Morris worm of 1988 did multiple vulnerabilities for multiple platforms.

But the monoculture of sendmail was the aggravating factor which made its
impact so significant - a large piece of complex software riddled with
design flaws, bugs and beyond the ability of any individual to understand
and control, used by most systems on the net. [I hold fingerd and rshd
innocent on the grounds that they worked as intended, but were abused.]

How times don't change.

Well, actually they do. There was only one Morris scale worm, sendmail was
improved in important ways (albeit slowly), superior software was adopted
in significant numbers by informed netizens and those responsible for the
poorer quality software took more responsibility in using it properly.
What's more, we had the excuse of naivety and immaturity of software
design back then.

I wonder how long before the current monoculture threat to the net is
addressed as effectively.

> We've probably got people on this list who weren't even potty trained
> by that date....

..and still aren't.

| -Andrew J. Caines-   Unix Systems Engineer  |
| "They that can give up essential liberty to obtain a little temporary |
|  safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |

Powered by blists - more mailing lists